SelectBlinds, a well-known online retailer specializing in custom blinds and shades, has confirmed a data breach that exposed the sensitive information of 206,238 customers.
The breach, attributed to a sophisticated cyberattack, allowed hackers to embed malicious software on the company’s website, enabling them to harvest customer data for months.
According to documents filed in California and Maine, SelectBlinds discovered the breach on September 28, 2024, but further investigation revealed that the malware had been active on its checkout page since January 7, 2024.
During this period, the malicious code silently skimmed sensitive customer information, including credit card details, names, addresses, phone numbers, and login credentials.
The most alarming aspect of the breach is the exposure of full payment card details, including card numbers, expiration dates, and CVV security codes.
This information poses a significant risk, as it can quickly be sold on the dark web and used for fraudulent transactions.
The malware operated unnoticed for months, scraping sensitive information as customers completed purchases on the SelectBlinds website.
The breach is part of a broader trend of credit card skimming attacks on e-commerce platforms, where hackers target checkout pages to steal payment data.
SelectBlinds has since removed the malware and is implementing additional security measures.
As a precaution, the company is enforcing a password reset for all user accounts. Customers attempting to log in will be required to create new passwords, and the company urges them to ensure that they are not using the same credentials on other websites.
According to a report by Bitdefender, SelectBlinds has also advised affected customers to monitor their payment card statements closely for unusual transactions and report any suspicious activity to their financial institutions.
This breach highlights the growing threat of cyberattacks targeting online retailers and the importance of robust security practices to protect customer data.